Use Terraform on Windows
This topic describes how to use Terraform on Windows to create Alibaba Cloud resources.
Managing your infrastructure as code (IaC) with Terraform involves the following main steps.
-
Install Terraform: Ensure your system can recognize and execute Terraform commands.
-
Write a Terraform configuration file: The configuration file is the core of Terraform. It describes the creation, configuration, and dependencies of resources, such as VPCs, ECS instances, and OSS buckets.
-
Initialize and create resources: This critical step turns your infrastructure design into active resources.
-
View and manage resources: After deployment, you can view and manage your infrastructure to ensure it meets current requirements.
-
Destroy resources: When no longer needed, you can destroy the resources.
1. Install Terraform
-
Go to the official Terraform website, download the Terraform binary for your Windows operating system, and extract it.
The download page provides installation packages for the 386 and AMD64 architectures. Select the one that matches your system and click Download.
-
Add the Terraform installation path to the Path environment variable.
-
On your desktop, right-click This PC and select Properties > Advanced system settings > Environment Variables.
-
Under System variables or User variables, click Path, and then select Edit > New. Enter the path to the directory where you extracted the Terraform binary, and click OK to save your changes.
-
-
Verify the installation. Press the Win+R keys, enter
cmd, and click OK to open Command Prompt. Run theterraform --versioncommand. If you see output similar to the following, the installation is successful.Terraform v1.9.3 on windows_amd64
2. Write a Terraform configuration file
The configuration file is the core of Terraform. It defines the infrastructure resources to be deployed in the cloud or on-premises, such as VPC, ECS, and OSS.
-
Create a new folder, for example, ecs, and then create a Terraform configuration file named main.tf in that folder.
Creating a separate working directory for each Terraform project is a best practice. It keeps resources organized, prevents state file conflicts, and simplifies version control. This separation also helps isolate environments and manage modules, which improves maintainability and security.
-
Write the Terraform configuration file. The ECS instance and its dependent resources, such as the VPC and security group, are defined as code in the configuration file. You can copy the following code into main.tf.
Important-
This example creates a pay-as-you-go ECS instance, which incurs charges upon creation.
-
This example uses environment variables for Terraform authentication. For more information, see Terraform Authentication.
The following resources are required to create an ECS instance:
Resource
Description
Creates a VPC instance.
Creates a vSwitch instance.
Creates a security group.
Creates ingress and egress rules for a security group.
Creates an ECS instance.
variable "name" { type = string default = "tf-test" } # Specify the region. variable "region" { type = string default = "cn-beijing" } # Public bandwidth. If greater than 0, a public IP address is assigned to the instance. variable "internet_max_bandwidth_out" { type = number default = 10 } # Specify the ECS instance type. variable "instance_type" { type = string default = "ecs.e-c1m1.large" } # Specify the image ID. variable "image_id" { default = "ubuntu_18_04_64_20G_alibase_20190624.vhd" } # Define tags for the resources. variable "tags" { type = map(string) default = { From = "Terraform" Usage = "demo" } } provider "alicloud" { region = var.region } # Get available zones for the specified instance type. data "alicloud_zones" "default" { available_instance_type = var.instance_type available_resource_creation = "VSwitch" available_disk_category = "cloud_ssd" } # Create a VPC. resource "alicloud_vpc" "vpc" { vpc_name = var.name cidr_block = "172.16.0.0/12" } # Create a vSwitch. resource "alicloud_vswitch" "vsw" { vpc_id = alicloud_vpc.vpc.id cidr_block = "172.16.0.0/21" zone_id = data.alicloud_zones.default.zones[0].id } # Create a security group. resource "alicloud_security_group" "default" { name = var.name vpc_id = alicloud_vpc.vpc.id } # Add an inbound rule to allow SSH access. resource "alicloud_security_group_rule" "allow_tcp_22" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "22/22" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "0.0.0.0/0" } # Create an ECS instance. resource "alicloud_instance" "instance" { availability_zone = data.alicloud_zones.default.zones.0.id security_groups = alicloud_security_group.default.*.id instance_type = var.instance_type system_disk_category = "cloud_essd_entry" image_id = var.image_id instance_name = var.name vswitch_id = alicloud_vswitch.vsw.id internet_max_bandwidth_out = var.internet_max_bandwidth_out tags = var.tags } output "ecs_id" { value = alicloud_instance.instance.id } output "ecs_ip" { value = alicloud_instance.instance.public_ip } -
3. Initialize and create resources
After you write the Terraform configuration file, you must initialize the working directory before creating resources.
3.1 Initialize Terraform
In Command Prompt, switch to the folder you created in Step 2, and then run the terraform init command. For any new Terraform configuration, terraform init is the first command to run. It initializes the working directory, downloading the required Alibaba Cloud provider plugin and creating other necessary files.
# Switch to the D: drive.
d:
# Switch to the folder path from Step 2. Replace tool/terraform/projects/ecs with your actual path.
cd tool/terraform/projects/ecs
# Run the initialization command.
terraform init
3.2 Create resources
-
Run
terraform planto create an execution plan. The plan shows detailed information about all the resources that will be created, modified, or destroyed when you runterraform apply.... + router_table_id = (known after apply) + secondary_cidr_blocks = (known after apply) + status = (known after apply) + user_cidrs = (known after apply) + vpc_name = "tf_vpc_test" } # alicloud_vswitch.vsw will be created + resource "alicloud_vswitch" "vsw" { + availability_zone = (known after apply) + cidr_block = "172.16.0.0/21" + create_time = (known after apply) + id = (known after apply) + ipv6_cidr_block = (known after apply) + ipv6_cidr_block_mask = (known after apply) + name = (known after apply) + status = (known after apply) + vpc_id = (known after apply) + vswitch_name = (known after apply) + zone_id = "cn-beijing-a" } Plan: 5 to add, 0 to change, 0 to destroy. Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run "terraform apply" now. -
When you run
terraform apply, resources are created based on the execution plan generated byterraform plan. During the creation process, you must enter yes when prompted to continue creating the resources. For more information about how to pass values to variables, see Variable.Plan: 5 to add, 0 to change, 0 to destroy. Changes to Outputs: + ecs_id = (known after apply) + ecs_ip = (known after apply) Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_vpc.vpc: Creating... alicloud_vpc.vpc: Creation complete after 7s [id=vpc-2zexxx5: xxxk5w] alicloud_security_group.default: Creating... alicloud_vswitch.vsw: Creating... alicloud_security_group.default: Creation complete after 2s [id=sg-2zexxx4xxx9pa] alicloud_security_group_rule.allow_tcp_22: Creating... alicloud_security_group_rule.allow_tcp_22: Creation complete after 0s [id=sg-2zexxx4xxx9pa:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1] alicloud_vswitch.vsw: Creation complete after 4s [id=vsw-2zexxxxxxxxxxxgwdf] alicloud_instance.instance: Creating... alicloud_instance.instance: Still creating... [10s elapsed] alicloud_instance.instance: Creation complete after 14s [id=i-2zexxxxxxxxxxxkmo] Apply complete! Resources: 5 added, 0 changed, 0 destroyed. Outputs: ecs_id = "i-2zexxxxxxxxxxxkmo" ecs_ip = "3x.1xx.1xx.x41"
4. View and manage resources
After deployment, you can manage and maintain your infrastructure.
4.1 View resources
-
Run the
terraform showcommand to view detailed information about the resources.D:\tool\terraform\projects\ecs>terraform show # data.alicloud_zones.default: data "alicloud_zones" "default" { available_disk_category = "cloud_ssd" available_instance_type = "ecs.e-c1m1.large" available_resource_creation = "VSwitch" enable_details = false id = "2398922967" ids = [ "cn-beijing-a", "cn-beijing-c", "cn-beijing-e", "cn-beijing-f", "cn-beijing-g", "cn-beijing-h", "cn-beijing-i", ] instance_charge_type = "PostPaid" multi = false spot_strategy = "NoSpot" zones = [ { available_disk_categories = [] available_instance_types = [] available_resource_creation = [] id = "cn-beijing-a" local_name = null multi_zone_ids = [] slb_slave_zone_ids = [] } ] } -
Run the
terraform state listcommand to list all created resources.D:\tool\terraform\projects\ecs>terraform state list data.alicloud_zones.default alicloud_instance.instance alicloud_security_group.default alicloud_security_group_rule.allow_tcp_22 alicloud_vpc.vpc alicloud_vswitch.vsw -
Run the
terraform state show <resource_type>.<resource_name>command to view detailed information about a specific resource.D:\tool\terraform\projects\ecs>terraform state show alicloud_vpc.vpc # alicloud_vpc.vpc: resource "alicloud_vpc" "vpc" { cidr_block = "172.16.0.0/12" classic_link_enabled = false create_time = "2024-09-09T05:54:41Z" description = null enable_ipv6 = false id = "vpc-2zexxx" ipv6_cidr_block = null ipv6_cidr_blocks = [] name = "tf-test" resource_group_id = "rg-acfxxx" route_table_id = "vtb-2zexxx" router_id = "vrt-2zexxx" router_table_id = "vtb-2zexxx" secondary_cidr_blocks = [] status = "Available" system_route_table_description = null system_route_table_name = null user_cidrs = [] vpc_name = "tf-test" } -
View information about the created resources on the Alibaba Cloud Management Console.
4.2 Manage resources
After Terraform creates or modifies resources, it saves their state and attributes to the terraform.tfstate file. You can use terraform state commands to manage the state. For more information, see Introduction to State.
4.3 Modify resources
-
Modify a resource definition in your configuration file (such as main.tf or another .tf file). For example, you can add a new inbound rule to the security group.
resource "alicloud_security_group_rule" "allow_tcp_443" { type = "ingress" ip_protocol = "tcp" nic_type = "intranet" policy = "accept" port_range = "443/443" priority = 1 security_group_id = alicloud_security_group.default.id cidr_ip = "0.0.0.0/0" } -
Run the
terraform plancommand to preview your changes.Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # alicloud_security_group_rule.allow_tcp_443 will be created + resource "alicloud_security_group_rule" "allow_tcp_443" { + cidr_ip = "0.0.0.0/0" + id = (known after apply) + ip_protocol = "tcp" + nic_type = "intranet" + policy = "accept" + port_range = "443/443" + prefix_list_id = (known after apply) + priority = 1 + security_group_id = "sg-2zexxx9pa" + type = "ingress" } Plan: 1 to add, 0 to change, 0 to destroy. -
If the plan is correct, run the
terraform applycommand. Enteryeswhen prompted to apply the changes.Plan: 1 to add, 0 to change, 0 to destroy. Do you want to perform these actions? Terraform will perform the actions described above. Only 'yes' will be accepted to approve. Enter a value: yes alicloud_security_group_rule.allow_tcp_22: Creating... alicloud_security_group_rule.allow_tcp_443: Creating... alicloud_security_group_rule.allow_tcp_22: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1] alicloud_security_group_rule.allow_tcp_443: Creation complete after 1s [id=sg-2zexxx:xxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1] Apply complete! Resources: 1 added, 0 changed, 0 destroyed. Outputs: ecs_id = "i-2zexxx" ecs_ip = "3x.xxx.xxx.x41"
5. Destroy resources
When you no longer need the resources, run the terraform destroy command to remove the infrastructure.
Plan: 0 to add, 0 to change, 6 to destroy.
Changes to Outputs:
- ecs_id = "i-2zxxx" -> null
- ecs_ip = "3xxx" -> null
Do you really want to destroy all resources?
Terraform will destroy all your managed infrastructure, as shown above.
There is no undo. Only 'yes' will be accepted to confirm.
Enter a value: yes
alicloud_security_group_rule.allow_tcp_443: Destroying... [id=sg-2zexxx:ingress:tcp:443/443:intranet:0.0.0.0/0:accept:1]
alicloud_security_group_rule.allow_tcp_22: Destroying... [id=sg-2zexxx:ingress:tcp:22/22:intranet:0.0.0.0/0:accept:1]
alicloud_instance.instance: Destroying... [id=i-2zexxxkmo]
alicloud_security_group_rule.allow_tcp_443: Destruction complete after 1s
alicloud_security_group_rule.allow_tcp_22: Destruction complete after 1s
alicloud_instance.instance: Still destroying... [id=i-2zexxxkmo, 10s elapsed]
alicloud_instance.instance: Destruction complete after 12s
alicloud_security_group.default: Destroying... [id=sg-2zexxxpa]
alicloud_vswitch.vsw: Destroying... [id=vsw-2zexxxvdf]
alicloud_security_group.default: Destruction complete after 2s
alicloud_vswitch.vsw: Destruction complete after 8s
alicloud_vpc.vpc: Destroying... [id=vpc-2zexxxk5w]
alicloud_vpc.vpc: Destruction complete after 6s
Destroy complete! Resources: 6 destroyed.